<html>
<head>
<title>Learn From Mistakes.</title>
<script src="/static/js/jquery.min.js"></script>
<script src="/static/js/bootstrap.min.js"></script>
<script src="/static/js/jquery.nouislider.js"></script>
<link rel="stylesheet" type="text/css" href="/static/css/common.css" />
<link rel="stylesheet" type="text/css" href="/static/css/slide.css" />
<link rel="stylesheet" type="text/css"
	href="/static/css/bootstrap.min.css" />
<link rel="stylesheet" type="text/css"
	href="/static/css/flat-ui.min.css" />
<link rel="stylesheet" type="text/css"
	href="/static/css/jquery.nouislider.css" />
<style type="text/css">
.middle {
	float: none;
	display: inline-block;
	vertical-align: middle;
}

pre {
	margin: 0px;
	padding: 0px;
	border: 0px;
}

li{
	font-size:17px;
}
</style>
</head>
<body>
	<div class="modal-dialog" style="margin-top: 0px;">
		<div class="modal-content">
			<div class="modal-header">

				<h4 class="modal-title text-center" id="myModalLabel">登录</h4>
			</div>
			<div class="modal-body" id="model-body">
				<div class="form-group">

					<input id="userid" type="text" class="form-control"
						placeholder="用户名" autocomplete="off">
				</div>
				<div class="form-group">

					<input id="userpwd" type="password" class="form-control"
						placeholder="密码" autocomplete="off">
				</div>
			</div>
			<div class="modal-footer">
				<div class="form-group">
					<button type="button" onclick="doInit()"
						class="btn btn-primary form-control">初始化用户表</button>
				</div>
				<div class="form-group">
					<button type="button" onclick="doLogin()"
						class="btn btn-primary form-control">登录</button>
				</div>
				<div class="form-group">
					<button type="button" onclick="doUpdate()"
						class="btn btn-primary form-control">修改密码</button>
				</div>
			</div>
		</div>

	</div>
	<div>
		<h4>查询</h4>
		<ol>
			<li>"select * from t_users where id='"+id+"' AND password =
				'"+password+"'"</li>
			<li>构造输入参数id：user1' OR '1=1' -- ,password值为password1</li>
			<li>构造参数id:user1,password值为：aa' OR '1=1</li>
			<li>SQL:select * from t_users where id='user1' OR '1=1'--AND
				password = 'password1'</li>
			<li>构造参数id：admin'; --'</li>
		</ol>
	</div>
	<div>
		<h4>更新</h4>
		<ol>
			<li>"update t_users set password = '" + password + "' where
				id='" + id + "'";</li>
			<li>构造id:111' OR '1=1</li>
			<li>SQL:"update t_users set password = '111' where
				id='111' OR '1=1'";</li>
		</ol>
	</div>
	<script>
		function doLogin() {
			var userid = $("#userid").val();
			var userpwd = $("#userpwd").val();
			$.post("/syr/sql/dologin", {
				id : userid,
				password : userpwd
			}, function(data) {
				if (data.result) {
					alert("登录成功");
				} else {
					alert("登录失败");
				}
			}, "json");
		}

		function doInit() {
			var userid = $("#userid").val();
			var userpwd = $("#userpwd").val();
			$.post("/syr/sql/init", {}, function(data) {
				if (data.result) {
					alert("初始化成功");
				} else {
					alert("初始化失败");
				}
			}, "json");
		}

		function doUpdate() {
			var userid = $("#userid").val();
			var userpwd = $("#userpwd").val();
			$.post("/syr/sql/update", {
				id : userid,
				password : userpwd
			}, function(data) {
				if (data.result) {
					alert("更新成功");
				} else {
					alert("更新失败");
				}
			}, "json");
		}
	</script>
</body>
</html>